I want to automatically deploy EventsEntry with minimal privileges. According to the manual there are three ways to install the EventryEntry agent: manual installation, installation through the EventsEntry Management Console and automated MSI installation.
Manual Installation is obviously not what I want. So the only options are installation through the EventsEntry Management Console and automated MSI installation.
I don't want that each user of the Management Console needs to have administrative privileges on the monitored computers. So installing the EventsEntry through the EventsEntry Management Console is not an option. Moreover, the installation through the EventsEntry Management Console can't be automated.
Therefore, the last way to install the EventsEntry agent is through the MSI installer. We can customize the installer with the exported configuration and install the MSI file through SCCM or AD. After installation there are three options for remote updates: ADMIN$ share, ES$ share and eventsentry_svc.reg. As mentioned, I want EventsEntry to have minimal privileges, so updates through ADMIN$ share is not an option. Updates through ES$ are better because I can eventsentry_upd.exe under a managed service account that has permissions to access the ES$ share.
What are the disadvantages of the ES$ share? The manual says that EventsEntry Management Console will not be able to check the agent status if it has no permission to access the ADMIN$ share. Does that mean that EventsEntry will not be able to check via the Hearbeat feature whether a remote agent crashed?
Is it possible to export the eventsentry_svc.reg file automatically, so that the ES$ would not be necessary and configuration updates could be distributed through SCCM or AD?